General
Target: bafa6e6c16bd0bc7c82e9f11c149aa1b74a16918901ecfa8dd2ee9556c824f63
Size: 1.0MB
Sample: 230911-npt5wsfe6t
MD5: 9ef39a4dbfc7e4ddc769bb2e3825660e
SHA1: fedf458dbb3cfbe5ae8f492e676b3a7c7f60e0bb
SHA256: bafa6e6c16bd0bc7c82e9f11c149aa1b74a16918901ecfa8dd2ee9556c824f63
SHA512: 24601b3e20a37a15edd45d8488f8969ea8679161ad523665327891b5f83eaa41b68f9cee7be887bd94038b20d6d366a2f8d1a3cd0a316ffef780f52cd68a1627
SSDEEP: 24576:1lG6VugrdGAY1r41kIk3TDkkBLjhDpqrDh:tugrdGAerikzPBR1aDh
Static task: static1
Behavioral task: behavioral1
Sample: bafa6e6c16bd0bc7c82e9f11c149aa1b74a16918901ecfa8dd2ee9556c824f63.exe
Resource: win10v2004-20230831-en
Malware Config
Extracted
Family: redline
Botnet: amadey_api
C2: amadapi.tuktuk.ug:11290
auth_value: a004bea47cf55a1c8841d46c3fe3e6f5
Targets
Target: bafa6e6c16bd0bc7c82e9f11c149aa1b74a16918901ecfa8dd2ee9556c824f63
Size: 1.0MB
MD5: 9ef39a4dbfc7e4ddc769bb2e3825660e
SHA1: fedf458dbb3cfbe5ae8f492e676b3a7c7f60e0bb
SHA256: bafa6e6c16bd0bc7c82e9f11c149aa1b74a16918901ecfa8dd2ee9556c824f63
SHA512: 24601b3e20a37a15edd45d8488f8969ea8679161ad523665327891b5f83eaa41b68f9cee7be887bd94038b20d6d366a2f8d1a3cd0a316ffef780f52cd68a1627
SSDEEP: 24576:1lG6VugrdGAY1r41kIk3TDkkBLjhDpqrDh:tugrdGAerikzPBR1aDh
Score: 10/10
RedLine
RedLine Stealer is an information-stealing malware family written in C# and sold as malware-as-a-service; it first appeared in early 2020. It collects saved browser credentials, cookies and autofill data, cryptocurrency wallet files and credentials for VPN, FTP and messaging clients, and sends the harvest to a hard-coded C2 such as the one extracted above.
Signatures
Uses the VBS compiler for execution: vbc.exe, the Visual Basic .NET compiler that ships with the .NET Framework, is launched as a host process. It is a signed Microsoft binary that has no reason to run on an ordinary endpoint, so the process launch itself is a usable detection.
Accesses cryptocurrency files/wallets, possible credential harvesting: the sample reads wallet files and directories, consistent with RedLine's wallet and credential theft.
Suspicious use of SetThreadContext: rewriting another thread's register context is the step in process hollowing and thread hijacking that redirects a suspended thread into injected code. Combined with the vbc.exe launch, this is consistent with the payload being hollowed into the compiler process; the report alone does not show which process was the target.
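The hashes and the extracted C2 above are the indicators a responder would pull out of this report. The script below is an added example, not part of the original report or of any sandbox vendor's tooling: it hashes files under a directory and flags any that match the sample's MD5/SHA-1/SHA-256, and scans proxy or DNS log lines for the extracted RedLine C2 host, reporting the port seen so that a host hit on a port other than 11290 (a later build of the same config) is still surfaced. The log lines and scanned bytes are constructed for the example; only the hash values and the C2 host and port come from the report.

```python
"""IOC sweep built from the indicators in this RedLine sandbox report.

Added example (not the report's or any vendor's code). Only SAMPLE_HASHES,
C2_HOST and C2_PORT come from the report; SAMPLE_LOG is constructed.
"""
import hashlib
import os
import re
from pathlib import Path
from typing import Dict, Iterable, List, Optional, Tuple

# File indicators from the report (MD5 / SHA-1 / SHA-256 of the sample).
SAMPLE_HASHES: Dict[str, str] = {
    "md5": "9ef39a4dbfc7e4ddc769bb2e3825660e",
    "sha1": "fedf458dbb3cfbe5ae8f492e676b3a7c7f60e0bb",
    "sha256": "bafa6e6c16bd0bc7c82e9f11c149aa1b74a16918901ecfa8dd2ee9556c824f63",
}
# Network indicator from the extracted config.
C2_HOST = "amadapi.tuktuk.ug"
C2_PORT = 11290

# Constructed log lines for the example (not from the report).
SAMPLE_LOG: List[str] = [
    "2023-09-11T10:02:14Z dns query 10.0.0.23 A amadapi.tuktuk.ug",
    "2023-09-11T10:02:15Z proxy CONNECT 10.0.0.23 -> amadapi.tuktuk.ug:11290 allowed",
    "2023-09-11T10:02:16Z proxy CONNECT 10.0.0.23 -> updates.example.com:443 allowed",
    "2023-09-11T10:05:40Z proxy CONNECT 10.0.0.41 -> AMADAPI.TUKTUK.UG:11290 denied",
]


def hashes_of_bytes(data: bytes) -> Dict[str, str]:
    """Return md5/sha1/sha256 hex digests of an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def file_hashes(path: Path, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file once and compute all three digests in parallel."""
    digests = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def matches_sample(hashes: Dict[str, str]) -> bool:
    """True if any algorithm's digest equals the report's value.

    Any single match is enough: a responder rarely has all three digests
    of a suspect file, and one colliding digest is already a confirmation.
    """
    return any(hashes.get(k, "").lower() == v for k, v in SAMPLE_HASHES.items())


def sweep_directory(root: Path) -> List[Path]:
    """Walk root and return every file whose hashes match the sample."""
    hits: List[Path] = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            try:
                if matches_sample(file_hashes(p)):
                    hits.append(p)
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
    return hits


# Host with optional ":port"; word boundaries stop "xamadapi..." from matching.
_C2_RE = re.compile(rf"\b{re.escape(C2_HOST)}\b(?::(\d+))?", re.IGNORECASE)


def find_c2_hits(lines: Iterable[str]) -> List[Tuple[int, Optional[int]]]:
    """Return (1-based line number, port or None) for each line naming the C2.

    A bare hostname (DNS lookup) counts as a hit with port None. A host:port
    hit is reported whatever the port, so a changed port in a newer build of
    the same config is not silently dropped.
    """
    hits: List[Tuple[int, Optional[int]]] = []
    for line_no, line in enumerate(lines, start=1):
        m = _C2_RE.search(line)
        if m:
            hits.append((line_no, int(m.group(1)) if m.group(1) else None))
    return hits


if __name__ == "__main__":
    for line_no, port in find_c2_hits(SAMPLE_LOG):
        flag = "" if port in (None, C2_PORT) else "  (port differs from config)"
        print(f"line {line_no}: {C2_HOST}" + (f":{port}" if port else "") + flag)
    print("matching files:", sweep_directory(Path(".")))
```

Run it from a directory containing suspect files to get both the file matches and the log hits; in a real deployment the `SAMPLE_LOG` list would be replaced by an open file handle, which `find_c2_hits` accepts unchanged since it only iterates lines.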